Mobile banking in India is rapidly expanding, with transactions via smartphone apps reaching new heights over the past year. According to CEIC Data, based on Reserve Bank of India statistics, the total value of interbank mobile payments increased from approximately Rs 26.5 lakh crore in February 2025 to about Rs 34.1 lakh crore by January 2026, reflecting a consistent and significant rise in usage.
The digital payments system has grown rapidly in recent years, conducting over 65,000 crore transactions totalling more than Rs 12,000 lakh crore in the last six financial years, according to the PIB. The increasing use of digital payments has enhanced access to financial services, especially for underserved and unserved communities.
During a time when more people depend on mobile apps for daily banking, Zerodha's Nithin Kamath has a different perspective. In a candid post on X, he explained why he avoids using net banking apps on his smartphone, raising concerns about the level of access these apps require from users.
I don't use net banking apps on my phone because the mandatory permissions they ask for make no sense. Why does a banking app need access to my SMS, phone, contacts, etc., in the name of security, when not seeking invasive device permissions is, in fact, the global benchmark…— Nithin Kamath (@Nithin0dha) March 17, 2026
Kamath said he avoids mobile banking apps mainly because of the permissions they request, describing many as unnecessary. He pointed out that several apps seek access to SMS, contacts and phone data, even though such permissions may not be essential for basic banking functions, bringing the focus back to the balance between convenience and user privacy.
“I don’t use net banking apps on my phone because the mandatory permissions they ask for make no sense,” Kamath wrote in his post on X.
According to Kamath, this approach goes against a widely accepted cybersecurity idea known as the ‘Principle of Least Privilege’ (PoLP). This principle suggests that any system or application should only be given the minimum level of access needed to perform its task, nothing more.
“Why does a banking app need access to my SMS, phone, contacts, etc., in the name of security, when not seeking invasive device permissions is, in fact, the global benchmark for cybersecurity,” he asked.
Kamath’s comments come at a time when digital banking has become routine for millions of users, especially in India, where smartphone-based financial services have grown rapidly. While banks often argue that permissions such as SMS access help with features like automatic transaction verification or fraud detection, critics say this can expose users to unnecessary privacy risks.
Linking the issue to his own company’s philosophy, Kamath said that respecting user privacy has been a core idea behind how Zerodha builds its products. He referred to a simple guiding principle, “Don’t do unto others what you don’t want done unto you.”
He highlighted that Zerodha’s trading app, Kite, does not ask for any mobile permissions, and said this has helped build trust among users. Instead of relying on intrusive access, Kamath pointed to regulatory frameworks such as strong two-factor authentication mandated by the Securities and Exchange Board of India as a more balanced way to ensure both security and privacy.
“What has enabled us is SEBI’s mandatory strong two-factor authentication framework strike the right balance between security and privacy,” he said.
Kamath’s remarks have sparked a broader online debate about whether convenience is being prioritised over privacy in the design of financial apps. As more users rely on smartphones for banking, the discussion about how much access is too much is likely to intensify.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
